Skip to content

Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 #126

Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0

Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 #126

Workflow file for this run

name: Build and push latest image if needed
on:
pull_request:
branches:
- main
- release-*
- feature/*
push:
branches:
- main
- release-*
- feature/*
jobs:
check-env:
name: Compute outputs for use by other jobs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
show-progress: false
- name: Check whether tests need to be run based on diff
uses: antrea-io/has-changes@v2
id: check_diff
with:
paths-ignore: docs/* ci/jenkins/* *.md hack/.notableofcontents
- name: Checking if image needs to be pushed
id: check_push
run: |
if [ "${{ github.repository }}" == "antrea-io/antrea" ] && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "push_needed=true" >> $GITHUB_OUTPUT
echo "docker_driver=docker-container" >> $GITHUB_OUTPUT
else
echo "push_needed=false" >> $GITHUB_OUTPUT
echo "docker_driver=docker" >> $GITHUB_OUTPUT
fi
outputs:
has_changes: ${{ steps.check_diff.outputs.has_changes }}
push_needed: ${{ steps.check_push.outputs.push_needed }}
docker_driver: ${{ steps.check_push.outputs.docker_driver }}
build:
needs: check-env
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
strategy:
matrix:
include:
- platform: linux/amd64
runner: ubuntu-latest
suffix: amd64
- platform: linux/arm64
runner: github-arm64-2c-8gb
suffix: arm64
- platform: linux/arm/v7
runner: github-arm64-2c-8gb
suffix: arm
runs-on: ${{ matrix.runner }}
env:
DOCKER_TAG: latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: ${{ needs.check-env.outputs.docker_driver }}
- name: Build Antrea Docker image without pushing to registry
if: ${{ needs.check-env.outputs.push_needed == 'false' }}
run: |
./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull
- name: Build and push Antrea Docker image to registry
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull --push-base-images
docker tag antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
docker tag antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
docker push antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
docker push antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
push-manifest:
needs: [check-env, build]
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
runs-on: ubuntu-latest
env:
DOCKER_TAG: latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: ${{ needs.check-env.outputs.docker_driver }}
- name: Docker login
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- name: Create and push manifest for controller image
run: |
docker manifest create antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" \
antrea/antrea-controller-ubuntu-arm64:"${DOCKER_TAG}" \
antrea/antrea-controller-ubuntu-arm:"${DOCKER_TAG}" \
antrea/antrea-controller-ubuntu-amd64:"${DOCKER_TAG}"
docker manifest push --purge antrea/antrea-controller-ubuntu:"${DOCKER_TAG}"
- name: Create and push manifest for agent image
run: |
docker manifest create antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" \
antrea/antrea-agent-ubuntu-arm64:"${DOCKER_TAG}" \
antrea/antrea-agent-ubuntu-arm:"${DOCKER_TAG}" \
antrea/antrea-agent-ubuntu-amd64:"${DOCKER_TAG}"
docker manifest push --purge antrea/antrea-agent-ubuntu:"${DOCKER_TAG}"
build-ubi:
needs: check-env
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
runs-on: ubuntu-latest
env:
DOCKER_TAG: latest
steps:
- name: Free disk space
# https://github.com/actions/virtual-environments/issues/709
run: |
sudo apt-get clean
df -h
- uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: ${{ needs.check-env.outputs.docker_driver }}
- uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Build Antrea UBI9 Docker image without pushing to registry
if: ${{ needs.check-env.outputs.push_needed == 'false' }}
run: |
./hack/build-antrea-linux-all.sh --pull --distro ubi
- name: Build and push Antrea UBI9 Docker image to registry
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
./hack/build-antrea-linux-all.sh --pull --push-base-images --distro ubi
docker push antrea/antrea-agent-ubi:"${DOCKER_TAG}"
docker push antrea/antrea-controller-ubi:"${DOCKER_TAG}"
build-scale:
needs: check-env
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Build Antrea Agent Simulator Docker image
run: make build-scale-simulator
- name: Push Antrea Agent Simulator Docker image to registry
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker push antrea/antrea-ubuntu-simulator:latest
build-windows:
needs: check-env
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Build Antrea Windows Docker image
if: ${{ needs.check-env.outputs.push_needed == 'false' }}
run: ./hack/build-antrea-windows-all.sh --pull
- name: Push Antrea Windows Docker image to registry
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
./hack/build-antrea-windows-all.sh --pull --push --push-base-images
shell: bash
build-antrea-mc-controller:
needs: check-env
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Build antrea-mc-controller Docker image
run: make build-antrea-mc-controller
- name: Push antrea-mc-controller Docker image to registry
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker push antrea/antrea-mc-controller:latest
build-flow-aggregator:
needs: check-env
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Build flow-aggregator Docker image
run: make flow-aggregator-image
- name: Check flow-aggregator Docker image
run: docker run antrea/flow-aggregator --version
- name: Push flow-aggregator Docker image to registry
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker push antrea/flow-aggregator:latest
build-antrea-migrator:
needs: check-env
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Build antrea-migrator Docker image
run: make build-migrator
- name: Push antrea-migrator Docker image to registry
if: ${{ needs.check-env.outputs.push_needed == 'true' }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker push antrea/antrea-migrator:latest